HackerOne is a security company that offers hacking as a service, they lets talented hackers turn a hobby into a potentially lucrative side project.
For elite hackers, this can mean thousands-even millions- of dollars. I will explain what the do and how they operates. Let's start with the bad news. Nobody wants to get hacked, and everybody gets hacked, consumers, companies. Fortunately, there are people fixing it, whether we are asking them or not. But HackerOne's White Hat Army are fixing it for all of us because we are incapable.
Bug bounties are based on the idea that if you have a web app or a mobile application, then if good guys can break in, then probably bad guys can too. If good guys cannot break in, then probably bad guys can't either. HackerOne's White Hat Army are the good guys. If the break in, you can fix it and all is good. If they cannot break in, all is good. That's what they do, that's their business. They have, today, 400,000 freelance hackers, security experts, researchers, whatever you call them, finders, who looks for software vulnerabilities in all your websites and mobile apps and report them to the companies. When they find something, the company pay them a bounty. The wonderful thing is HackerOne does not recruit hackers. It's like NSA or MI6. They don't have any job adverts. People just knows how to sign up.
A couple of months ago, PCMag covered Santiago Lopez a 19 years old that earned $1million through HackerOne. This guy had learned in a few years to break into every possible software system that amazing companies have built like the DoD and Goldman-Sachs. Whatever you have,he can break into them. Fortunately, he's a good guy. So they pay him money when he finds something, and he made a million.
Why can't these companies do this for themselves you may ask? Why do they need an outside company to do penetration testing? DoD is a great example. They came to them three years ago and said 'Could you run a program called Hack the Pentagon? We have an unlimited budget, skills, but we cannot find our security flaws'. It has to do with the fact that software can be wrong in so many ways. But even DoD cannot hire 400,000 security people. But HackerOne have them, and they deploy such that it's the right skill for the right problem. They can all share. It is the only way to deal with cyber risk because it is an asymmetric threat. Those who harm are very few, and they cause big damage to all of us. The only way to defend ourselves is to pool defense, to bring all our defenses together and share the knowledge. That is what HackerOne does. The world is spending $120 billion a year on Cybersecurity. Those are the defensive mechanisms, where they try to defend the perimeter and build stronger walls. But walls don't work in a connected society.
You may ask where do these security threats come from? Is it broken software or malware issues? It's much worse. It's you and me. The problem is not a technical problem. It's a human problem. Human beings are not disciplined. They're gullible. They don't like to admit their vulnerabilities. Those are the problems. People have to be disciplined with their passwords. Try to change your password regularly if you can remember, stop using dates of birth, names of pets or anything like that. Be unique, find something nobody else cares about.
You should check out these amazing Movies if you haven't 'Sneakers' and 'Hackers'. It's HackerOne business and completely wonderful. Don't forget to drop your comments concerning the movies after you have watched it and also how suggestions on how one can be more protective with their passwords.
How AI is Changing the World. Join Team Hubs dot ng from 25th- 27th June at the Digital Africa conference 2019 and Meet Emily (an AI), don't miss out